Skip to content

Commit cf706e3

Browse files
Add vpatch-CVE-2026-34197 rule
1 parent e452ba7 commit cf706e3

1 file changed

Lines changed: 38 additions & 0 deletions

File tree

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
## autogenerated on 2026-07-01 13:08:11
2+
name: crowdsecurity/vpatch-CVE-2026-34197
3+
description: 'Detects RCE in Apache ActiveMQ via Jolokia addNetworkConnector with xbean brokerConfig'
4+
rules:
5+
- and:
6+
- zones:
7+
- URI
8+
transform:
9+
- lowercase
10+
match:
11+
type: contains
12+
value: /api/jolokia/
13+
- zones:
14+
- RAW_BODY
15+
transform:
16+
- lowercase
17+
match:
18+
type: contains
19+
value: 'addnetworkconnector'
20+
- zones:
21+
- RAW_BODY
22+
transform:
23+
- lowercase
24+
match:
25+
type: contains
26+
value: 'brokerconfig=xbean:http'
27+
28+
labels:
29+
type: exploit
30+
service: http
31+
confidence: 3
32+
spoofable: 0
33+
behavior: 'http:exploit'
34+
label: 'Apache ActiveMQ - RCE'
35+
classification:
36+
- cve.CVE-2026-34197
37+
- attack.T1190
38+
- cwe.CWE-94

0 commit comments

Comments
 (0)